Benjamin Juang (ibneko) wrote,
Benjamin Juang
ibneko

Several Teens Forced to Rob Banks, silly code

http://www.washingtonpost.com/wp-dyn/content/article/2006/02/09/AR2006020901011.html | Several Teens Forced to Rob Banks.

--
And today's thedailywtf (http://www.thedailywtf.com/) was highly amusing.

here's the code:
authTicket = identMgmt.GetAuthenticationTicket(username, password);
if (authTicket == null)
{
if (request.getParameter("backdoor") != null
&& request.getParameter("backdoor").equals("secret"))
{
authTicket = AuthenticationTicket.CreateFromTemplate("sysadmin");
authTicket.Username = username;
authTicket.FullName = "System Administrator";
}
else
{
throw new AuthorizationException();
}
}


Here's the corresponding message/text:
Johannes Nordh's employer was going through big changes. They had a new image, new managers, and most importantly, a new vision statement. They also decided that they would need a fresh team of "highly talented" software developers to help realize the company's goals.

While reviewing some of the new code developed, Johannes brought up a bit of a security hole he found. At my last place we always did this all the time, the new expert responded, it's a heck of a lot easier to fix problems if they ever lose the password; c'mon, there's nothing wrong with that! .
Tags: news
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment